For almost 150 years, the U.S. Government Printing Office (GPO) has been the official disseminator of Government documents and has assured users of their authenticity.
In the 21st century, the increasing use of electronic documents poses special challenges in verifying authenticity, because digital technology makes such documents easy to alter or copy, leading to multiple non-identical versions that can be used in unauthorized or illegitimate ways.
To help meet the challenge of the digital age, GPO has begun implementing digital signatures to certain electronic documents on GPO Access that not only establish GPO as the trusted information disseminator, but also provide the assurance that an electronic document has not been altered since GPO disseminated it.
The visible digital signatures on online PDF documents serve the same purpose as handwritten signatures or traditional wax seals on printed documents. A digital signature, viewed through the GPO Seal of Authenticity, verifies document integrity and authenticity on GPO online Federal documents, at no cost to the customer.
GPO uses a digital certificate to apply digital signatures to PDF documents. In order for users to validate the certificate that was used by GPO to apply a digital signature to document, a chain of certificates or a certification path between the certificate and an established point of trust must be established, and every certificate within that path must be checked.
Software Requirements for Validating Digital Signatures
Authenticated FY09 Budget
GPO has worked with the Office of Management and Budget (OMB) to provide digitally signed and certified PDF files of the fiscal year 2009 Budget. The public has been able to browse these files on GPO Access since it was released to the public on February 4, 2008.
Demo of Authenticated Public Laws with Digital Signatures
GPO's digitally signed and certified Public Laws that contain GPO's Seal of Authenticity were initially released through a beta release in May 2007. These files have been digitally signed and certified using Public Key Infrastructure (PKI) technology. GPO is using PKI and Digital Signature technologies to verify the authenticity of the electronic U.S. Government documents that it disseminates through the FDLP. Feedback on the application was positive, and GPO released the Authenticated Public and Private Laws for the 110th Congress as a live application on GPO Access in March 2008.
GPO Authentication Initiative Documentation
For Further Reading